Group Policy is an add-on for the Active Directory infrastructure that allows you to implement specific configurations/rules for users and computers in your domain.
Group Policy settings are contained in Group Policy objects (GPOs), which are linked to the following Active Directory directory service containers: sites, domains, or organizational units (OUs).
The settings within GPOs are then evaluated by the affected targets, using the hierarchical structure of Active Directory.
[00:22] Consequently, Group Policy is one of the top reasons to deploy Active Directory because it allows you to manage user and computer objects.
In fact, we can create and use one of these AD containers: forest, tree, domain, site, and OU, which contain the appropriate objects, to apply policies.
Alternatively, for more granular application, we can define permissions on particular policies to ensure they are applied only to the expected objects.
You can launch Group Policy Management from the Start menu.
[1:05] We are creating a global policy to prevent all users from accessing their Windows Control Panel, for example.
First we just create the policy; now let's define it!
Because we are creating a global policy, right-click the SnoOpy.com domain.
[1:14] "For Group Policy settings that affect only a local computer or user, you can use the Local Group Policy Editor and for Active Directory Domain Services (AD DS) environment you can use Group Policy Management Console (GPMC)" – newhelptech.wordpress.com
[1:29] The path to this policy is shown as above.
[1:36] There are two sections: Computer Configuration and User Configuration.
Computer Configuration applies to all users who log on to a domain computer that the policy is bound to, while User Configuration applies to particular users who log on to any domain computer.
To learn more about these sections, go to:
Details about how to configure a policy can be found here.
[1:53] In some cases, Computer and User Configuration can be used together, but take care, because this may cause conflicts.
[2:00] To learn more about using Computer and User Configuration together, go to:
[2:11] of 0 to 30 minutes.
In addition to background updates, Group Policy for the computer is always updated when the system starts.
You can specify an update rate from 0 to 64,800 minutes (45 days).
However, because these updates might interfere with users' work and increase network traffic, a very short update interval is not appropriate for most environments.
[2:20] We can use this command to update Group Policy Objects immediately.
[2:34] "In an organization, there can be many group policies in use. Sometimes multiple policies may target the same thing. In that case it is important to understand which policy is going to win. Group Policies precedence order LSDOU and Group Policy Inheritance decides which policy will win in Active Directory structure" – rebeladmin.com
[2:43] This policy is applied immediately after the gpupdate /force command has been run. It's a global policy, so every user, computer, and server in the SnoOpy.com domain is affected.
We can't access the Windows Control Panel anymore.
[2:55] "This is a normal problem of 'This operation has been cancelled due to restrictions in effect on this computer'. And maybe you will see, in the bottom right corner, that the date and time cannot be used correctly" – community.spiceworks.com
[3:11] The SnoOpy-Server-3 user on the SnoOpy-Server-3 computer belongs to this domain, so it is affected too.
With the "link" feature of Group Policy objects (GPOs), the policy itself is saved in a store called "Group Policy Objects" when a link is created.
A link to it is then placed at each location that we chose.
This linking feature offers benefits:
It prevents accidental deletion: you don't have to delete a policy to make it lose effect temporarily. You just un-link it, and you can re-link it or decide to delete it later (the link works like a shortcut).
It's easy to disable or enable a policy, or to link it to other containers (multiple containers if needed), without creating new policies, which would be a headache to manage.
[3:54] Uncheck "Link Enabled" to disable this policy momentarily without deleting it.
[4:01] Run gpupdate /force to apply this policy adjustment immediately.
[4:11] Now, every user in the SnoOpy.com domain can access the Windows Control Panel.
[4:27] Wait for part 2 to know how to troubleshoot/verify the application of a GPO!
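The same walkthrough can be scripted with the GroupPolicy PowerShell module that ships with GPMC. This is an added example, not part of the original walkthrough: the GPO name is hypothetical, and the registry value is the one behind the "Prohibit access to Control Panel and PC settings" User Configuration policy.

```powershell
# Requires the GroupPolicy module (installed with GPMC / RSAT) and rights
# to create and link GPOs in the domain.
Import-Module GroupPolicy

$Domain   = 'SnoOpy.com'            # domain used in the walkthrough
$DomainDN = 'DC=SnoOpy,DC=com'      # link target: the domain root
$GpoName  = 'Block Control Panel'   # hypothetical GPO name (assumption)

# 1. Create the GPO. It lands in the "Group Policy Objects" store and
#    affects nothing until it is linked somewhere.
New-GPO -Name $GpoName -Domain $Domain `
    -Comment 'Prohibit access to Control Panel' | Out-Null

# 2. Define the setting. An HKCU key makes this a User Configuration policy.
Set-GPRegistryValue -Name $GpoName -Domain $Domain `
    -Key 'HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' `
    -ValueName 'NoControlPanel' -Type DWord -Value 1 | Out-Null

# 3. Link the GPO to the domain root so it applies domain-wide.
New-GPLink -Name $GpoName -Domain $Domain -Target $DomainDN `
    -LinkEnabled Yes | Out-Null

# 4. Review what is linked at the domain root and in which order,
#    so conflicts with other GPOs are visible before users report them.
(Get-GPInheritance -Target $DomainDN -Domain $Domain).GpoLinks |
    Format-Table DisplayName, Enabled, Enforced, Order

# 5. Refresh policy on this machine right away instead of waiting for
#    the background update.
gpupdate /force

# 6. Later: switch the policy off without deleting it, the scripted
#    equivalent of unchecking "Link Enabled".
Set-GPLink -Name $GpoName -Domain $Domain -Target $DomainDN `
    -LinkEnabled No | Out-Null

# 7. The GPO is still in the store and can be re-linked at any time.
Get-GPO -Name $GpoName -Domain $Domain |
    Select-Object DisplayName, Id, GpoStatus
```

A link at the domain root reaches every user in the domain, administrators included, so step 6 is the quick rollback if the restriction turns out to be too broad.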